Pages

Sunday, June 9, 2013

Andi Gutmans on PHP, Cloud Computing and Security InfoQ.com

Andi Gutmans on PHP, Cloud Computing and SecurityInfoQ.comIn
an exclusive interview to InfoQ, Andi Gutmans, CEO and Co-founder, Zend
shares his views about cloud computing, various aspects related to PHP including security and the course of action which needs to be taken to protect your site from hackers. InfoQ: Can you explain the meaning of cloud computing in simple words?

There are so many different options within the world of
cloud computing (SaaS, Iaas, Paas) so there’s no one easy answer to this
one. For most developers what cloud means is self-service development
environments (which means no wasting time installing, configuring and
managing your development environment), and a frictionless path to ease
the handoffs and collaboration between development, test, and
production.
At Zend, we offer a free development environment (the Zend Developer
Cloud), and one of the elements that our users tell us they most
appreciate is the ability to share snapshots of their stack and code
with other developers. That easy sharing thought is a big aspect of
many cloud solutions.

InfoQ: Do you think the world has completely utilized the potential of cloud computing?

Absolutely not, we are only at the beginning of taking
advantage of the potential of cloud computing. There is a lot of change
yet to come in how companies embrace Platform as a Service in
particular. This is because leveraging pre-built infrastructure allows
more focus on what matters - the apps themselves. A lot of applications
are also going to move in the future to SaaS, which in turn will drag
along an increased usage of IaaS and PaaS also to support those apps.

InfoQ: From your point of view, how can cloud computing benefit end users?

It will be easier for application owners to deliver
application level SLAs around end user response time and availability by
leveraging cloud computing. The agility of cloud computing is also
going to enable companies to innovate faster - thus providing more end
user value.

InfoQ: Can you share with us how developers managed projects prior to the evolution of cloud computing?

Prior to cloud computing it was a lot more difficult for
developers to implement an agile development process - as a result they
had to either work harder to create that flexibility in a non-cloud
environment, or deal with a lack of development agility.

InfoQ: From your point of view, which cloud platform is beneficial and less vulnerable - Windows Azure, PHP or Java based?

Well, went it comes to security there is a lot that goes
into the security of an application - language runtime security,
development best practices, physical security, network security, access
control, and several others.
One important point is whatever language you choose, it is important
to look for the vendors who are fastest at responding to issues (the
reality is that you can never avoid all language issues occurring). For
example, recently the PHP community has been faster to respond to
security issues than the Java community has been.
However, it is also important to remember that the primary challenge
that deserves a dev team’s focus is the application code itself, as this
is where vulnerabilities are most likely to be introduced. Taking
advantage of frameworks, code audits, and training are the 3 most common
ways to mitigate this risk.

InfoQ: How do you see the potential of cloud computing after 2030?

We probably have a different iteration of cloud computing
possibly under a different name by then, but the core advantages of
scale and agility will clearly continue to exist, and drive broad
adoption.

InfoQ: Do you think data passed through cloud computing platform will be secure?

There is a lot of innovation in the cloud data security
space right now. Long term, we believe data in the cloud can be just as
secure as on premise if not more secure. The economies of scale that
companies see in the cloud in the areas of scalability and cost today,
can be expanded to economies of scale leveraging the security expertise
of large companies like Microsoft, Google and Amazon in the future. It
is unlikely that any small company or organization will be able to
invest in infrastructure security at the depth and level of detail that
these players will be able to.

InfoQ: Can you share with us the role of PHP in the development of mobile apps?

In our experience, PHP is being chosen more than any other
language for the back–end of mobile apps. In fact, based on Evans Data
surveys, 75% of dynamic language developers who are working on mobile
apps choose PHP. Plus, our own Zend surveys show that over 90% of PHP
devs are already working on mobile apps. We see PHP being chosen because
of its flexibility, ease of integration with existing back end systems,
plus it lends itself well to an API based architecture.

InfoQ: Can you explain the role of Zend in the development of PHP applications?

Zend continues to be a significant contributor to the PHP
language. The Zend Engine, which is the core of PHP, continues to be
maintained by Zend. We also just recently contributed bytecode caching
technology which will be shipping as part of PHP 5.5. Contributing as
part of the PHP community continues to be important to Zend and we also
contribute to other open source projects including Eclipse PDT and Zend
Framework.
Zend’s successful commercial offering, the Zend Server Application
Platform, leverages the same open source PHP, but adds additional
capabilities around auto-scaling, session clustering/failover, as well
as monitoring of your PHP apps so you can be alerted to and hopefully
avoid the most common application issues.

InfoQ: Developers often report severe vulnerabilities in PHP
from time to time. Can you share with us the security measures that are
planned to be implemented in the upcoming releases to harden PHP and
also to protect the site from hackers?

The PHP security response team continues to collaborate
with a variety of large vendors and security researchers to pinpoint and
address emerging security issues. The PHP application frameworks are
all also trying to address this issue by enhancing the best practices
within each framework.

InfoQ: In my state, Kerala, India, most of the local
Government department websites are developed using PHP. Recently, many
of these sites are hacked. Can you share with us the steps needed to be
taken to prevent such incidents in future?

I recommend starting with an application audit. Nothing can
help as much as having an expert from the outside look at your
application code. The second point would be to become close to at least
one of the major PHP frameworks (Zend Framework, CakePHP, Syfomy) - each
of these has an ongoing focus on attacking the latest issues so it is
helpful to stay closely in touch with their latest updates.
Lastly, there are some great security training classes out there -
developers need ongoing web security training to understand how to
implement the latest best practices, which are constantly being updated.

Followers

Important Links

Note:

@2zuseful is the user friendly blog to provide information about the useful data in all fields in the world for people, these posts are are collecting from the different web sources to share the information to all my friends, if its useful to you read and share with your friends and get knowledge, if its having any copy right content we don't have any objections to remove,please fell free to share with me.